debian/patches/ubuntu-fix-vhost-user-socket-permission.patch

   1 Description: eal: provide option to set vhost_user socket owner/permissions
   2
   3 The API doesn't hold a way to specify a owner/permission set for vhost_user
   4 created sockets.
   5
   6 Projects consuming DPDK started to do 'their own workarounds' like openvswitch
   7 https://patchwork.ozlabs.org/patch/559043/
   8 https://patchwork.ozlabs.org/patch/559045/
   9 But for this specific example they are blocked/stalled behind a bigger
  10 rework (https://patchwork.ozlabs.org/patch/604898/).
  11
  12 We need something now for existing code linking against DPDK. That implies to
  13 avoid changing API/ABI. So I created a DPDK EAL commandline option based ideas
  14 in the former patches.
  15
  16 Fixes LP: #1546565
  17
  18 *Update*
  19  - with the split libs it now nees to be listed in
  20    lib/librte_eal/linuxapp/eal/rte_eal_version.map to work on link steps
  21  - please note that upstream gravitates towards not extending but creating a
  22    new the API in DPDK as long term solution (will take a while)
  23  - also as listed before most affected projects seem to create their own
  24    workaround.
  25  So over time we have to check when we can drop it at the price of a config
  26  transition - likely OVS 2.6 won't need it anymore.
  27
  28 Forwarded: yes
  29 Author: Christian Ehrhardt <christian.ehrhardt@canonical.com>
  30 Last-Update: 2016-05-18
  31
  32 --- a/lib/librte_eal/common/eal_common_options.c
  33 +++ b/lib/librte_eal/common/eal_common_options.c
  34 @@ -95,6 +95,8 @@
  35         {OPT_VFIO_INTR,         1, NULL, OPT_VFIO_INTR_NUM        },
  36         {OPT_VMWARE_TSC_MAP,    0, NULL, OPT_VMWARE_TSC_MAP_NUM   },
  37         {OPT_XEN_DOM0,          0, NULL, OPT_XEN_DOM0_NUM         },
  38 +       {OPT_VHOST_OWNER,       1, NULL, OPT_VHOST_OWNER_NUM      },
  39 +       {OPT_VHOST_PERM,        1, NULL, OPT_VHOST_PERM_NUM       },
  40         {0,                     0, NULL, 0                        }
  41  };
  42
  43 @@ -166,6 +168,8 @@
  44  #endif
  45         internal_cfg->vmware_tsc_map = 0;
  46         internal_cfg->create_uio_dev = 0;
  47 +       internal_cfg->vhost_sock_owner = NULL;
  48 +       internal_cfg->vhost_sock_perm = NULL;
  49  }
  50
  51  static int
  52 --- a/lib/librte_eal/common/eal_internal_cfg.h
  53 +++ b/lib/librte_eal/common/eal_internal_cfg.h
  54 @@ -83,6 +83,8 @@
  55         volatile enum rte_intr_mode vfio_intr_mode;
  56         const char *hugefile_prefix;      /**< the base filename of hugetlbfs files */
  57         const char *hugepage_dir;         /**< specific hugetlbfs directory to use */
  58 +       const char *vhost_sock_owner;     /**< owner:group of vhost_user sockets */
  59 +       const char *vhost_sock_perm;      /**< permissions of vhost_user sockets */
  60
  61         unsigned num_hugepage_sizes;      /**< how many sizes on this system */
  62         struct hugepage_info hugepage_info[MAX_HUGEPAGE_SIZES];
  63 --- a/lib/librte_eal/common/eal_options.h
  64 +++ b/lib/librte_eal/common/eal_options.h
  65 @@ -83,6 +83,10 @@
  66         OPT_VMWARE_TSC_MAP_NUM,
  67  #define OPT_XEN_DOM0          "xen-dom0"
  68         OPT_XEN_DOM0_NUM,
  69 +#define OPT_VHOST_OWNER       "vhost-owner"
  70 +       OPT_VHOST_OWNER_NUM,
  71 +#define OPT_VHOST_PERM        "vhost-perm"
  72 +       OPT_VHOST_PERM_NUM,
  73         OPT_LONG_MAX_NUM
  74  };
  75
  76 --- a/lib/librte_vhost/vhost_user/vhost-net-user.c
  77 +++ b/lib/librte_vhost/vhost_user/vhost-net-user.c
  78 @@ -77,6 +77,8 @@
  79         pthread_mutex_t mutex;
  80  };
  81
  82 +#include <rte_eal.h>
  83 +
  84  #define MAX_VIRTIO_BACKLOG 128
  85
  86  static void vhost_user_server_new_connection(int fd, void *data, int *remove);
  87 @@ -634,6 +636,7 @@
  88         if (!vsocket)
  89                 goto out;
  90         memset(vsocket, 0, sizeof(struct vhost_user_socket));
  91 +       rte_eal_set_socket_permissions(path);
  92         vsocket->path = strdup(path);
  93
  94         if ((flags & RTE_VHOST_USER_CLIENT) != 0) {
  95 --- a/lib/librte_eal/linuxapp/eal/eal.c
  96 +++ b/lib/librte_eal/linuxapp/eal/eal.c
  97 @@ -53,6 +53,9 @@
  98  #if defined(RTE_ARCH_X86)
  99  #include <sys/io.h>
 100  #endif
 101 +#include <sys/types.h>
 102 +#include <pwd.h>
 103 +#include <grp.h>
 104
 105  #include <rte_common.h>
 106  #include <rte_debug.h>
 107 @@ -344,6 +347,8 @@
 108                "  --"OPT_CREATE_UIO_DEV"    Create /dev/uioX (usually done by hotplug)\n"
 109                "  --"OPT_VFIO_INTR"         Interrupt mode for VFIO (legacy|msi|msix)\n"
 110                "  --"OPT_XEN_DOM0"          Support running on Xen dom0 without hugetlbfs\n"
 111 +              "  --"OPT_VHOST_OWNER"       Create vhost-user sockets with this owner:group\n"
 112 +              "  --"OPT_VHOST_PERM"        Create vhost-user sockets with these permissions\n"
 113                "\n");
 114         /* Allow the application to print its usage message too if hook is set */
 115         if ( rte_application_usage_hook ) {
 116 @@ -601,6 +606,14 @@
 117                         internal_config.create_uio_dev = 1;
 118                         break;
 119
 120 +               case OPT_VHOST_OWNER_NUM:
 121 +                       internal_config.vhost_sock_owner = optarg;
 122 +                       break;
 123 +
 124 +               case OPT_VHOST_PERM_NUM:
 125 +                       internal_config.vhost_sock_perm = optarg;
 126 +                       break;
 127 +
 128                 default:
 129                         if (opt < OPT_LONG_MIN_NUM && isprint(opt)) {
 130                                 RTE_LOG(ERR, EAL, "Option %c is not supported "
 131 @@ -943,3 +956,172 @@
 132         /* Module has been found */
 133         return 1;
 134  }
 135 +
 136 +/* Try to double the size of '*buf', return true
 137 + * if successful, and '*sizep' will be updated with
 138 + * the new size. Otherwise, return false.  */
 139 +static int
 140 +enlarge_buffer(char **buf, size_t *sizep)
 141 +{
 142 +    size_t newsize = *sizep * 2;
 143 +
 144 +    if (newsize > *sizep) {
 145 +        *buf = realloc(*buf, newsize);
 146 +        *sizep = newsize;
 147 +        return 1;
 148 +    }
 149 +
 150 +    return 0;
 151 +}
 152 +
 153 +static int
 154 +get_owners_from_str(const char *user_spec, uid_t *uid, gid_t *gid)
 155 +{
 156 +       size_t bufsize = 4096;
 157 +
 158 +       char *pos = strchr(user_spec, ':');
 159 +       user_spec += strspn(user_spec, " \t\r\n");
 160 +       size_t len = pos ? (size_t)(pos - user_spec) : strlen(user_spec);
 161 +
 162 +       char *buf = NULL;
 163 +       struct passwd pwd, *res;
 164 +       int e;
 165 +
 166 +       buf = malloc(bufsize);
 167 +       char *user_search = NULL;
 168 +       if (len) {
 169 +               user_search = malloc(len + 1);
 170 +               memcpy(user_search, user_spec, len);
 171 +               user_search[len] = '\0';
 172 +               while ((e = getpwnam_r(user_search, &pwd, buf, bufsize, &res)) == ERANGE) {
 173 +                       if (!enlarge_buffer(&buf, &bufsize)) {
 174 +                               break;
 175 +                       }
 176 +               }
 177 +
 178 +               if (e != 0) {
 179 +                       RTE_LOG(ERR, EAL,"Failed to retrive user %s's uid (%s), aborting.",
 180 +                               user_search, strerror(e));
 181 +                       goto release;
 182 +               }
 183 +               if (res == NULL) {
 184 +                       RTE_LOG(ERR, EAL,"user %s not found,  aborting.",
 185 +                               user_search);
 186 +                       e = -1;
 187 +                       goto release;
 188 +               }
 189 +       } else {
 190 +               /* User name is not specified, use current user.  */
 191 +               while ((e = getpwuid_r(getuid(), &pwd, buf, bufsize, &res)) == ERANGE) {
 192 +                       if (!enlarge_buffer(&buf, &bufsize)) {
 193 +                               break;
 194 +                       }
 195 +               }
 196 +
 197 +               if (e != 0) {
 198 +                       RTE_LOG(ERR, EAL,"Failed to retrive current user's uid "
 199 +                               "(%s), aborting.", strerror(e));
 200 +                       goto release;
 201 +               }
 202 +               user_search = strdup(pwd.pw_name);
 203 +       }
 204 +
 205 +       if (uid)
 206 +               *uid = pwd.pw_uid;
 207 +
 208 +       free(buf);
 209 +       buf = NULL;
 210 +
 211 +       if (pos) {
 212 +               char *grpstr = pos + 1;
 213 +               grpstr += strspn(grpstr, " \t\r\n");
 214 +
 215 +               if (*grpstr) {
 216 +                       struct group grp, *res;
 217 +
 218 +                       bufsize = 4096;
 219 +                       buf = malloc(bufsize);
 220 +                       while ((e = getgrnam_r(grpstr, &grp, buf, bufsize, &res))
 221 +                                        == ERANGE) {
 222 +                               if (!enlarge_buffer(&buf, &bufsize)) {
 223 +                                       break;
 224 +                               }
 225 +                       }
 226 +
 227 +                       if (e) {
 228 +                               RTE_LOG(ERR, EAL,"Failed to get group entry for %s, "
 229 +                                       "(%s), aborting.", grpstr,
 230 +                                       strerror(e));
 231 +                               goto release;
 232 +                       }
 233 +                       if (res == NULL) {
 234 +                               RTE_LOG(ERR, EAL,"Group %s not found, aborting.",
 235 +                                       grpstr);
 236 +                               e = -1;
 237 +                               goto release;
 238 +                       }
 239 +
 240 +                       if (gid)
 241 +                               *gid = grp.gr_gid;
 242 +               }
 243 +       }
 244 +
 245 + release:
 246 +       free(buf);
 247 +       free(user_search);
 248 +       return e;
 249 +}
 250 +
 251 +static void
 252 +vhost_set_permissions(const char *vhost_sock_location)
 253 +{
 254 +       unsigned long int mode = strtoul(internal_config.vhost_sock_perm, NULL, 0);
 255 +       int err = chmod(vhost_sock_location, (mode_t)mode);
 256 +       if (err) {
 257 +               RTE_LOG(ERR, EAL,"vhost-user socket cannot set"
 258 +                       " permissions to %s (%s).\n",
 259 +                       internal_config.vhost_sock_perm, strerror(err));
 260 +               return;
 261 +       }
 262 +       RTE_LOG(INFO, EAL,"Socket %s changed permissions"
 263 +                       " to %s\n", vhost_sock_location,
 264 +                       internal_config.vhost_sock_perm);
 265 +}
 266 +
 267 +static void
 268 +vhost_set_ownership(const char *vhost_sock_location)
 269 +{
 270 +       uid_t vhuid=0;
 271 +       gid_t vhgid=0;
 272 +
 273 +       if (get_owners_from_str(internal_config.vhost_sock_owner, &vhuid, &vhgid)) {
 274 +               RTE_LOG(ERR, EAL,"vhost-user socket unable to get"
 275 +                       " specified user/group: %s\n",
 276 +                       internal_config.vhost_sock_owner);
 277 +               return;
 278 +       }
 279 +
 280 +       int err = chown(vhost_sock_location, vhuid, vhgid);
 281 +       if (err) {
 282 +               RTE_LOG(ERR, EAL,"vhost-user socket unable to set"
 283 +                       " ownership to %s (%s).\n",
 284 +                       internal_config.vhost_sock_owner, strerror(err));
 285 +               return;
 286 +       }
 287 +
 288 +       RTE_LOG(INFO, EAL,"Socket %s changed ownership"
 289 +                       " to %s.\n", vhost_sock_location,
 290 +                       internal_config.vhost_sock_owner);
 291 +}
 292 +
 293 +void
 294 +rte_eal_set_socket_permissions(const char *path)
 295 +{
 296 +       if (internal_config.vhost_sock_perm) {
 297 +               vhost_set_permissions(path);
 298 +       }
 299 +
 300 +       if (internal_config.vhost_sock_owner) {
 301 +               vhost_set_ownership(path);
 302 +       }
 303 +}
 304 --- a/lib/librte_eal/common/include/rte_eal.h
 305 +++ b/lib/librte_eal/common/include/rte_eal.h
 306 @@ -252,6 +252,11 @@
 307         return RTE_PER_LCORE(_thread_id);
 308  }
 309
 310 +/**
 311 + * Set owner/permissions on sockets if requested on EAL commandline
 312 + */
 313 +void rte_eal_set_socket_permissions(const char *);
 314 +
 315  #ifdef __cplusplus
 316  }
 317  #endif
 318 --- a/doc/guides/testpmd_app_ug/run_app.rst
 319 +++ b/doc/guides/testpmd_app_ug/run_app.rst
 320 @@ -156,6 +156,25 @@
 321
 322      Use malloc instead of hugetlbfs.
 323
 324 +*   ``--vhost-owner``
 325 +
 326 +     When creating vhost_user sockets change owner and group to the specified value.
 327 +     This can be given as ``user:group``, but also only ``user`` or ``:group`` are supported.
 328 +
 329 +    Examples::
 330 +
 331 +       --vhost-owner 'libvirt-qemu:kvm'
 332 +       --vhost-owner 'libvirt-qemu'
 333 +       --vhost-owner ':kvm'
 334 +
 335 +*   ``--vhost-perm``
 336 +
 337 +    When creating vhost_user sockets set them up with these permissions.
 338 +
 339 +    For example::
 340 +
 341 +       --vhost-perm '0664'
 342 +
 343
 344  Testpmd Command-line Options
 345  ----------------------------
 346 --- a/lib/librte_eal/linuxapp/eal/rte_eal_version.map
 347 +++ b/lib/librte_eal/linuxapp/eal/rte_eal_version.map
 348 @@ -139,6 +139,7 @@
 349         rte_keepalive_register_core;
 350         rte_xen_dom0_supported;
 351         rte_xen_mem_phy2mch;
 352 +       rte_eal_set_socket_permissions;
 353
 354  } DPDK_2.1;
 355